Nathalie is a Data Protection and Cyber Security Partner in the Commercial Services team at Addleshaw Goddard's London office. She is a well-known and trusted adviser in the global privacy and data protection world, who brings 20 years of experience and extensive knowledge to clients across sectors and jurisdictions.
Nathalie’s practice encompasses the full range of Data Protection, e-Privacy and Cyber Security issues including global data protection audits and compliance implementation programmes, policies, data processing/ sharing arrangements, vendor management, data protection impact assessments, privacy by design, marketing permissions, data collection and commercial exploitation, data subject rights and the use of new technologies (AI, IoT, ec).
She regularly provides strategic advice in relation to multi-jurisdictional data transfers including on the implementation of the new EU Standard Contractual Clauses (SCCs); the UK Addendum to the EU SCCs, BCRs, intra-group data sharing arrangements as well as in relation to conflicts between different applicable privacy laws (e.g. EU/UKGDPR, CCPA in the US, laws in China, Russia, India, etc.).
Nathalie also advises on cybersecurity matters ranging from data breach response, forensic investigations and remediation, to system infrastructure and network security, the NIS Directive, data governance and security standards.
Having worked at the European Commission in Brussels and the World Bank in Washington DC, she combines strong regulatory expertise with commercially pragmatic solutions when it comes to representing clients subject to investigations or enforcement proceedings before the Information Commissioner in the UK, the CNIL in France, the EU Supervisory Authorities or the EDPB.
Nathalie also regularly advises on a wide range of technology related agreements, EU digital media, commercial contracts and consumer protection issues.
Her clients are drawn from a wide range of data rich industry sectors, including Technology, Healthcare & Life Sciences, Financial Services, Retail & Consumer, Hospitality & Leisure, Advertising and Marketing, Automotive, , Media and Publishing.
She contributes regularly to newspapers and specialist legal publications, and participates in many industry/sector groups. She is a regular speaker at international privacy and data security conferences. Nathalie is a dual qualified lawyer in the UK and in France.
Nathalie's recent experience includes advising:
- an international health technology provider on patient information and confidentiality in connection with the roll out of their pharmacy management software in the EU, and assisting with investigations from EU Supervisory Authorities in the context of a data security breach
- a number of global hospitality management and real estate groups on GDPR global audits and compliance programmes, including on vendor management
- a global publisher on strategic data sharing and data transfer agreements, PECR compliance and marketing permissions and contractual data arrangements with business alliance partners
- adtech vendors on transatlantic data privacy issues and in particular compliance with the GDPR and the CCPA in the online advertising ecosystem
- a large multinational gaming operator on its intra group data sharing arrangements as well as Brexit implications
- a UK civil society campaign on ICO regulatory investigations relating to online political advertising campaigns
- a leading European fleet telematics provider on a telematics data sharing agreement
- a large multinational BPO provider on the data aspects of the outsourcing of its claim handling services to jurisdictions outside of the EEA.
- Towards adequacy; The European commision's draft decision on the EU-US data privacy framework - view here >
- The New Schrems II Dilemma: Regulatory Enforcement Against Google Analytics in the EU - view here >
- Data reforms in the UK: Summary of changes and their impact for you - view here >
- Virtual Patient Consultations: Embracing technology while safeguarding patients, published on the Yokshire Post on 4th February 2022 - view here >
- AG Co-Ordinates the British Retail Consortium (BRC) Response to the ICO Consultation, published on 8 October 2021 - view here >
- The UK ICO's consultation on data transfers outside of the UK towards a new model data transfer contract published on 19 August 2021 - view here >
- Interview in Tech Monitor on the cyber-attack on T-Mobile: T-Mobile data breach could leave the company counting the cost published on 17 August 2021 - view here >
- UK NHSX new data strategy for a post-pandemic world published on 5 July 2021 - view here >
- UK NHS digital GPDPR programme published on 18 June 2021 - view here >
- Nathalie spoke to RT News regarding the Supreme Court hearings on Lloyd v Google - view here >
- Lloyd v Google: Supreme Court hearings set for 28 and 29 April 2021 published on 19 April 2021 - view here >
- UK's journey to EU Adequacy Post Brexit published on 18 January 2021 - view here >
- Covid-19: A practical guide to Data Protection practices in workplace testing in the UK - France - Germany published 8 June 2020 - view here >
- Coronavirus and Contact Tracing Apps: Global Privacy Perspective, AG Insights published on 4 May 2020 - view here >
- The rise of big tech monetising healthcare data, Comments in Information Age published on 24 February 2020
- What will Google’s healthcare expansion mean for UK data protection? Comments in Techworld published on 10 January 2020
- International Data Transfers on 17 November 2020 - view here >
- Guest speaker for a Webinar Panel discussion on key 2020/2021 issues for in-house Counsel hosted on 4 February 2021
- A Guide to Good Practice for Digital and Data Driven Health Technologies on 22 February 2021 - view here >
- Virus Tech Draws Scrutiny From European Privacy Advocates on 5 March 2021 - view here >
- Upcoming events & webinars
- WSJ Pro Cybersecurity Webinar | Issues in Contact Tracing -July 15, 2020 - register here
- Global Legal ConfEx - 23 September 2020 - register here
- Data Download webinar series - click here to view recordings
- Westminster Health Forum - Use of artificial intelligence in healthcare - Thursday 27 May - Find out more here
- French - fluent
- Spanish - fluent
- Russian - basic
- Italian - basic
- Professional Memberships
- Solicitor of the Law Society of England and Wales
- Avocate, Ordre des Avocats de Paris (French Bar)
- Certified Information Privacy Professional/Europe (CIPP/E), International Association of Privacy Professionals (IAPP)
- The Future of Privacy Forum